This blog comments on Canadian (and occasionally comparative) national security law to update my National Security Law textbook and now also my 2015 book, False Security: The Radicalization of Anti-terrorism, co-authored with Kent Roach.

Please also see www.antiterrorlaw.ca for Bill C-51-related analyses by Craig Forcese and Kent Roach.

For narrated lectures on various topics in national security law, please visit my 2017 "national security nutshell" series, available through iTunes.

Spring has sprung, and so has the United States intelligence community. Specifically, the last several months have witnessed an astonishing pattern of leaks from the US government. Some of the leaks come from the White House -- in one case apparently as part of run-on bombast from the man at the top. But in the wake of the Manchester bombing last week, some leaks seem to be coming out of the intelligence community itself. American leaks have fuelled angst among allies, most recently the British.

The New York Times ran two interesting analyses of US leaking of information collected by British authorities in the Manchester bombing investigating (here and here). They note how the culture of leaking is embedded in the United States in a manner without parallel in the United Kingdom, not least because of the broad reach of the First Amendment. I suspect also that the competing power centres in the American republican system (Congress/Executive) also facilitate an environment receptive to leaking. And the sheer size of the US intelligence community, and its vast penumbra of contractors, has contributed to leaky information control (the Snowden matter constitutes the obvious poster child for this).

But where does (Westminster) Canada lie on a spectrum of leakiness, with the United Kingdom on one pole and the United States on the other? My instinct is to say we are closer to the United Kingdom than the United States, with caveats.

The Law

First, there are many serious penalties for leaking classified information. On top of workplace discipline and loss of a security clearance, there is a prospect of going to jail. Security and intelligence community employees (and a number of others) are "persons permanently bound by secrecy" under the Security of Information Act (SOIA). It is a serious crime for them to reveal special operational information. It could also be a breach of trust under the Criminal Code for any official to leak any classified information. And s.18 of the CSIS Act includes its own offence for leaks of Service information relating to source identity, applicable to those acting under the CSIS Act (a category that would include not just CSIS officers and employees, but also those of SIRC and ministerial officials.)

US and UK law also include penalties for leaky intelligence employees.

But we are more like the United States in one key respect: our Security of Information Act is probably even more unworkable than the US Espionage Act (and way more unworkable than the UK Official Secrets Act) when it comes to leaks by officials, other than those permanently bound by secrecy, to entities, other than foreign entities or terrorist groups. So, for instance, a leak by an official (other than a person permanently bound by secrecy) to the Canadian media would be very difficult to prosecute under the Security of Information Act (although Criminal Code breach of trust would still apply). The reason for this is that the "anti-leakage" provision of SOIA (the infamous section 4) has not been updated since 1939 and is unconstitutional gibberish -- and so concluded the Ontario Superior Court of Justice in 2006.

We are also more like the United States in our constitutional arrangement. Pointing to Charter s.2, the Federal Court has recognized a constitutionalized right in Canada of whistleblowing. But this right is limited by s.1 considerations (See discussion in Forcese & Freeman, Laws of Government, 2011 at 220). And basically, that means that whistleblowing is limited to dire necessity, and must be done first through an internal mechanism and not initially to the media and public.

This approach is codified even for persons permanently bound by secrecy as a defence to a criminal charge under the SOIA, where they might otherwise be convicted for leaking special operational information. That defence specifies that whistleblowing should go through SIRC or the CSE commissioner, although the provision (s.15) leaves a lot of unanswered questions about how that mechanism might work.

Practice

On balance, we seem to be more like the UK in our practice. It is true that Canada has management issues with classified information. For instance, the CBC reported in November 2016 that "[t]here have been more than 10,000 incidents of classified or secure documents being improperly left or stored since Prime Minister Justin Trudeau's government came to office." This included 659 cases in CSIS itself. But all countries struggle with information management -- that is different from intentional leaking.

And CSIS has complained regularly about compelled disclosure in security certificate and Canada Evidence Act proceedings. But again, disclosure by court order is different from leaking.

In relation to intentional, unauthorized disclosure (aka leaking) of intelligence by the intelligence community or related entities (such as review bodies or special advocates), I cannot think of many (publicized) examples from the recent past.

The two instances that do come to mind were concerning, not because they revealed sensitive secrets but because they constitute examples of someone in government selectively disclosing intelligence information (or innuendo at least) to cast the security services in a favourable light.

The first was the leak concerning Maher Arar, during the Arar inquiry. This involved both selective leaks of information/analyses along with slanderous editorializing about Arar's character. And it came just as the RCMP and CSIS (among others) were being rightly castigated for their failings in the treatment of Arar. The Arar commission was so concerned about this behaviour, it added an entire chapter on the leaks to its report. And it said this about leaks done in 2003:

Unlike many other actions of Canadian officials that I describe in this report, leaking information is a deliberate act. Moreover, some of the leaks relating to Mr. Arar were purposefully misleading in a way that was intended to do him harm. It is disturbing that there are officials in the Canadian public service who see fit to breach the public trust for their own purposes in this way. It is disappointing that, to date, no one has been held accountable.

The second major example were similar leaks relating to Messieurs Charkaoui and Abdelrazik, again as the government was losing in front of a judge while trying to defend its efforts to deport and exile, respectively, these men.

It is unclear who did all this leaking -- a lot of the information was in circulation in government departments outside of the RCMP and CSIS. Both of these leak cases prompted RCMP investigations -- none have resulted in any further action being taken. In the Arar matter, the RCMP's hamfisted investigation involved a raid on Ottawa Citizen journalist Juliet O'Neill's home and office. That in turn prompted the Citizen to challenge the constitutionality of s.4 of the Security of Information Act -- successfully.

In the second matter, an investigation has apparently been ongoing, but here again the RCMP appears to have made serious strategic errors by targeting journalists in an effort to find their sources. And on top of that, they did so in a manner that did not comply with ministerial directions on national security investigations that implicate sensitive sectors (such as the media).

So in sum: We are like the United Kingdom in our strict rules and a general pattern of few intelligence leaks from our broader intelligence and security community. We are like the United States in that leaking raises constitutional free speech issues (and also constitutional safeguards on overbroad anti-leakage provisions, like s.4 of SOIA). And we have an unpleasant tradition -- however modest -- of government leaks to the media designed to cast the security services in the most favourable light when those services are embroiled in controversy.

Events yesterday in Iraq seem likely to complicate the legal basis for Canada’s participation in the anti-Daesh coalition. As summarized by Jennifer Daskal over at Just Security:

U.S.-led forces hit a convoy carrying pro-Syrian government forces advancing inside a deconfliction zone inside Syria. The convoy was reportedly traveling toward the al-Tanf military base used by U.S. coalition forces to train anti-ISIS fighters. U.S. and coalition officials assert that the Russians “apparently” attempted to dissuade the convoy from entering the area, that they first fired warning shots and deployed two US aircraft as a show of force, and only struck the convoy after it failed to heed the warning, as a means of protecting U.S. and coalition forces.

Jennifer Daskal also reports US official statements that the “strike was a proportionate response done for purposes of force protection—an act of self-defense in an effort to protect U.S. forces.” She observes: “This is, on its face, quite plausible. And, if accurate, lawful as a matter of both international and domestic law.”

The facts remain uncertain. But I shall assume for the sake of this analysis that the convoy comprised Syrian government controlled militia or military. And I shall assume that Syria is now actually interested in fighting Daesh (whether or not this particular convoy was tied to that effort).

If so, I am less persuaded that the strike was lawful as a matter of international law. Or more accurately, I think it undercuts that entire legal basis for the presence of Coalition forces in Syria.

The Basics

Leah Sherriff and I examine the international law of using force against a non-state actor in the territory of another state in our article on targeted killing. Interested readers will find there the detailed footnotes for the sources and principles I cite below.

To summarize, a state may not use force against another state, or on that other state’s territory without the territorial state’s consent. There are two exceptional circumstances.

The first is UN Security Council authorization. That does not truly exist for the conflict against Daesh, notwithstanding the S/Res/2249 (2015). I agree with those analyses that see this resolution as an intentionally ambiguous resolution that falls short of the language associated with Security Council authorizations on use of force.

The second exception is self-defence against an armed attack, including collective self-defence done in conjunction with a state that has suffered this attack. Self-defence against Daesh is, in fact, the legal basis for Canada’s use of force in Syria. In late October 2014, when Canada joined the American-led coalition against Daesh in Iraq, it reported to the UN Security Council that Canada was invoking individual and collective self defence under article 51 of the UN Charter, explaining “States must be able to act in self-defence when the Government of the State where a threat is located is unwilling or unable to prevent attacks emanating from its territory”.[1] On the specifics on the Daesh case, Canada is asserting collective self-defence with Iraq against Daesh, with self-defence extended to Syria (where Daesh also operates).

But Syria itself has not consented to the use of force on its territory (and even if it had, tacitly or otherwise, it could revoke that consent). And it itself is not the originator of the armed attack. Hence we face the common post-9/11 conundrum: Directing military force against a non-state actor almost always requires use of force on the territory of another state, including some that do not consent.

There is serious incongruity in the idea that a non-state actor may use violence whose scope and effect rises to the level of armed attack, and then hide behind the territorial sovereignty of a state that, however unwillingly or unwittingly, serves as host. And as a practical matter, some states – including, especially, the United States – have rejected a formalistic approach that would allow this shelter. These states have instead pursued a doctrine of “unwilling or unable”. In Ashley Deeks’s words:

The “unwilling or unable” test requires a victim state to ascertain whether the territorial state is willing and able to address the threat posed by the nonstate group before using force in the territorial state’s territory without consent. If the territorial state is willing and able, the victim state may not use force in the territorial state, and the territorial state is expected to take the appropriate steps against the nonstate group. If the territorial state is unwilling or unable to take those steps, however, it is lawful for the victim state to use that level of force that is necessary (and proportional) to suppress the threat that the nonstate group poses.[2]

Whether “unwilling or unable” is truly part of customary international law is hotly debated. However, the international community has demonstrated more receptivity – although certainly not enthusiasm – for the doctrine since 9/11 and especially since 2014. The United States and Turkey have reaffirmed the existence of an unwilling or unable doctrine to justify self-defence against Daesh in Syria, and they are not alone. They have been joined by Australia, Belgium, Canada, Germany, and, implicitly at least, Denmark, Norway and the United Kingdom. In response to the US notification to the United Nations, then Secretary General Ban Ki-Moon reportedly stated: “I also note that the strikes took place in areas no longer under the effective control of that [the Syrian] government.” Other states, such as Jordan, Bahrain, Qatar and the United Arab Emirates have participated in air strikes in Syria without articulating legal justifications, leading at least one commentator to posit that they are “relying on the same legal theory as the United States and UK.”

Still other states, such as France, have embarked on a similar course under the shelter of a UN Security Council resolution 2249 (2015) that is (as suggested) creatively ambiguous about the legal authority for directing force at Daesh in Syria.

Collectively, this constitutes considerable state practice and – in the case of the United States, Turkey, Canada, Australia, Belgium and Germany – emphatic opinio juris supportive of the “unable or unwilling” doctrine as a basis for invoking UN Charter Article 51 self-defence.

Yesterday’s Events

State practice of what is less clear. It is one thing to intrude on a state’s territory to exercise self-defence strictly limited to the attacking non-state actor. It is quite another to stray beyond this terrorist-specific targeting and direct force against the territorial state’s own assets or infrastructure. That is why the US missile strike against the Syrian airbase after the chemical weapons attacks in April cannot be justified on the same self-defence theory supporting use of force against Daesh. (See my own views on that incident here and here.)

Yesterday’s clash with Syrian forces raises new legal doubts. They boil down to this: how can the “unwilling and unable” justification for force in Syria be maintained once the Syrian government asserts itself on its own territory against Daesh? “Unwilling and unable” begins to look like transparent pretext. Moreover, it beggars imagination that it could be used as legal justification for a Coalition forces strike staving off the very government said to be unwilling and unable in the first place.

To conclude that Coalition use of force is lawful in these circumstances you would need to accept the following:

1. Coalition forces have been lawfully employing force against Daesh because Syria was unwilling and unable.

2. The unwilling and unable justification persists even after the territorial state demonstrates it is no longer unwilling and unable.

3. And more than that, the Coalition forces may lawfully use military force to suppress efforts by the once unwilling and unable state aimed at reasserting control over its territory.

The “force protection” argument for yesterday’s Coalition strike only gets you so far. “Force protection” is not lawful self-defence if the presence of the Coalition now itself constitutes an armed attack against Syria, because the original “unwilling and unable” basis for the Coalition presence has evaporated. (Imagine this outside of the Syria context: If one state invades another, and parks itself on the second state’s territory, an effort by the invaded state to resist the invasion is not an attack against which the invading state may claim self-defence.)

Conclusion

I acknowledge that these legal niceties will determine little of what happens in Syria. And I imagine others will counter with their own legal reasoning. That might be something like this: once lawfully engaged in self-defence under an unwilling and unable doctrine, the Coalition may use such proportionate force as is necessary to end the armed attack by Daesh, including against the Syrian government if it gets in the way. Put another way, the unwilling and unable justification is a one-way-ratchet that cannot be notched back because the delinquent territorial state has a change of heart or capacity.

If that is the legal argument, it amounts to: once a failed state whose sovereignty has been suspended, always a failed state with a suspended sovereignty. That does not seem the sort of position likely to increase international stability or avoid capricious misuse in the future.

At the very least, events on the ground in Syria demonstrate clearly the risk of predicating use of armed force on a fuzzy doctrine like “unwilling and unable”. States do not always remain unwilling. And to use force to ensure they remain unable would be the height of absurdity.

In sum: since Canada is participating in the Coalition, it will be drawn along into a difficult legal quagmire if the anti-Daesh campaign now bleeds into an armed conflict with the Syrian government.

[1] Letter dated 31 March 2015 from the Deputy Permanent Representative of Canada to the United Nations addressed to the President of the Security Council, UN Doc S/2015/221 (31 March 2015)

As most people who would ever bother to read this blog know, the Washington Postreported last night that Donald Trump spilled a major classified bean in his (already) bizarre White House meeting with the Russian foreign minister and ambassador. The information in question originated from an allied intelligence service, most likely in the Middle East.

Early indications suggest this was patented Trump braggadocio (“Oh, I have the best intelligence services. And Trump Tower makes the best taco bowels”). But undisciplined disclosure is almost scarier than malevolent disclosure, and it will raise inevitable questions about whether allied sharing services can possibly hope for originator control with Trump in the White House.

Some in the Five Eyes may be feeling particularly righteous, given past US objections to disclosure of US origin material. (The British case of Binyam Mohamed being the poster child). But such schadenfreude is not likely to be shared within the intelligence services. Stephanie Carvin does a good job identifying key policy issues.

In terms of legal implications, Lawfare (in its blog and emergency podcast) notes that there are few criminal law implications for Trump. Basically, the US president owns the classification system as part of his constitutional executive powers, and therefore has lawful authority to waive it.

Thought Experiment: Prime Minister Trump

But as is my wont, I can’t help but transpose the US events onto a Canadian legal context, to perform a legal thought experiment: If a Canadian PM were to disclose top secret (and probably compartmentalized) information to a hostile foreign power, could he or she go to jail?

In truth, no one can say for certain, since this is so novel an issue. But speculation is terrifically fun and I am going to go with “yes”, for reasons that follow. (And thanks to the several people on twitter who bandied around thoughts with me on this issue. In full disclosure, not all will agree with this analysis.)

Starting Point: Crimes

We will assume that the PM has access to this sort of sensitive information, with this degree of sensitivity. If he or she disclosed it, two statutes contain crimes that might be applicable: the Security of Information Act (SOIA) and the Criminal Code (CC). The most likely provisions boil down to SOIA s.16 “communicating safeguarded information”, SOIA s.17 “communicating special operational information”, CC s.46(2)(b) “treason” and CC s.122 “breach of trust”. (Other SOIA crimes limited to “persons permanently bound by secrecy” would be inapplicable, because the PM is not such a person.)

No Executive Immunity

In Canadian law, there is no executive branch immunity. That is, the PM is not above the law, and is subject to the regular criminal rules. The PM, as an MP, does enjoy parliamentary privilege. And parliamentary privilege should immunize statements made during parliamentary proceedings from being questioned anywhere outside of Parliament (for example, through a prosecution in court). But that privilege is confined to official proceedings in, most likely, the House or committee of the House – indeed, it does not even reach statements made in the precinct of Parliament, but outside of formal proceedings.

In our hypothetical, the PM would be conversing with the representatives of a hostile foreign power in his or her executive office, and so parliamentary privilege is irrelevant.

“Lawful Authority”

The much thornier issue is whether the PM would have “lawful authority” to disclose (unilaterally) classified information in this setting. The SOIA and treason offences apply only where the person acts without such “lawful authority”.

Breach of trust is more difficult to describe. Not every administrative error by a public official (a category in which the PM falls) is a breach of trust – in the Supreme Court’s words, it “must represent a ‘marked’ departure from the standards expected of an individual in the accused’s position of public trust.” In determining whether there is such serious misconduct, one takes into account “the responsibilities of the office and the officeholder, the importance of the public objects which they serve and the nature and extent of the departure from those responsibilities” (citing with approval Shum Kwok Sher at paras. 53 and 54).

Would a PM have “lawful authority” to act in the manner proposed?

My answer is “no”.

“Lawful authority” is not a defined term, and so requires a further inquiry into the way information security is maintained by the Government of Canada. Information classification is not governed directly by statute, but by Treasury Board policy. Originally, this policy derives from royal prerogative over the management of the public service, not displaced by the Public Service Employment Act. (This is a reasonable inference from the Supreme Court’s decision in Thomson).

Security of information was governed by a 1956 Privy Council Office document called “Security of Information in the Public Service of Canada”, while security clearances were governed by Cabinet Directive 35 (1963). These instruments were replaced in 1987 by the “Security Policy of the Government of Canada”, issued by Treasury Board under authority of the Financial Administration Act(FAA).

Treasury Board is a statutorily-constituted sub-committee of Cabinet whose responsibilities under s.7 of the FAA are to “act for the Queen’s Privy Council for Canada on all matters relating to … [among other things] (a) general administrative policy in the federal public administration”.

This is all a very complicated way of saying: government security classification policy has always been set by Cabinet, either directly or through the Treasury Board.

This is not one of those few instances where the PM him or herself has exercised the royal prerogative personally or where he or she enjoys a personal prerogative. At least I can find no indication that it has been.

Cabinet generally exercises prerogatives. Sometimes individual ministers may exercise special aspects of the prerogative. And, it is sometimes said that the Prime Minister may personally exercise the prerogative, because head of government. As support for this, some authorities point to a slender statement by the Ontario Court of Appeal in Black, and the fact that in that case the PM gave direct advice to the Queen on the award of honours (See, e.g., discussion here at 13.)

But not all prerogatives are equal. First, I am generally resistant to claims that the PM can exercise unilaterally prerogative powers typically exercised through the vehicle of Cabinet (technically, the Governor in Council).

I am conscious that there is in the bowels of government likely some sort of trove of documents looking much like warehouse in the Raiders of the Lost Arc that might well prove me wrong. But it is worth noting observations like the one from the Federal Court in Khadr v. Canada (Attorney General), suggesting that where Cabinet codifies the exercise of a prerogative (in that case in the Passport Order), it is for cabinet (and not an individual minister) to create any exceptions:

Having determined that the prerogative had not been exhausted or occupied by the Canadian Passport Order, the issue remains whether the Minister could exercise the prerogative given that an order in council governed the administration of passports. It seems logical that since Cabinet had devolved some aspects of the prerogative to the Passport Office under the Canadian Passport Order, only Cabinet could act to deal with exceptions to the Canadian Passport Order.

An obvious response to this is, “Yes, but the PM is a special minister”. The PM is certainly special in being able to determine the Cabinet consensus, but I remain unpersuaded that in every instance, that specialness extends to unilateral exercise of the prerogative outside of Cabinet.

At any rate, all this is entirely academic in an entirely academic blog entry, for two reasons. First, whether or not the PM retained some sort of residual personal prerogative in this area, I think it has been usurped by statute.

Parliament has expressly tasked the Treasury Board with establishing administrative policies, under the Financial Administration Act. It is the Treasury Board that is to “act for the Queen’s Privy Council for Canada” on such matters. It has done precisely this in creating the government security policy. (I recognize there is a "may act" in there, suggesting that perhaps there is some residual authority in Privy Council as a whole, but that just puts us into a loop about whether in these circumstances, the PM can then exercise any residual authority.)

Botom line: there is a heck of a lot suggesting to me that the PM does not have autonomous power to determine security classifications. That alone should decide the matter as to whether the PM has “lawful authority” to disclose. My answer: no.

But there is a second wrinkle: The PM has access to this classified information because (and in consequence) of his or her membership in the Privy Council. Being sworn into the Privy Council is the sine que non of being a minister. (Note also that there is a reason why members of the Security Intelligence Review Committee are sworn in as privy councillors – as SIRC’s webpage notes “All of the Committee members must be Privy Councillors, which means that they have full access to highly classified information, a privilege which is not granted to most Parliamentarians”).

The privy councillor oath reads:

I, __________, do solemnly and sincerely swear (declare) that I shall be a true and faithful servant to Her Majesty Queen Elizabeth the Second, as a member of Her Majesty's Privy Council for Canada. I will in all things to be treated, debated and resolved in Privy Council, faithfully, honestly and truly declare my mind and my opinion. I shall keep secret all matters committed and revealed to me in this capacity, or that shall be secretly treated of in Council. Generally, in all things I shall do as a faithful and true servant ought to do for Her Majesty.

[Emphasis added].

Leaking a secret revealed to the PM in his or her capacity as a Privy Councillor is, in my view, a breach of the oath.

That breach itself would vitiate any argument that the PM had “legal authority” within the meaning, e.g., of the SOIA. And it would also constitute the egregious departure from standard practice, grounding a breach of trust charge.

Conclusion

All of which is to say that I do not believe the PM floats above the law in this area and can declassify on the fly without looking over his or her shoulder. I may be totally wrong – this is one of those questions whose answer one only knows when a court tells you.

But if I were PM and I wanted to spill a secret bean, I’d do it in Question Period to benefit from parliamentary privilege. And boy, would that make the opposition parties happy.